
Possible Duplicate:
VsFTPd - LDAP - PAM

I am trying to configure a VsFTPd server to authenticate against an LDAP server. It may be easy, but since it is the first time that I am using both LDAP and PAM, I have some difficulties. VsFTPd runs on an Ubuntu Server 11.04 and the LDAP is OpenLDAP on a 10.10 Ubuntu Server. VsFTPd cannot connect to the LDAP server; in my syslog I have:

vsftpd: pam_ldap: ldap_simple_bind Can't contact LDAP server

The LDAP server is OK since I can do an ldapsearch.

Here is my /etc/pam.d/vsftpd file:

auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
@include common-account
@include common-session
@include common-auth
auth required pam_ldap.so
account required pam_ldap.so
session required pam_ldap.so
password required pam_ldap.so

And here is my /etc/ldap.conf file:

base dc=example,dc=com
uri ldapi:///ldap.example.com
ldap_version 3
rootbinddn cn=admin,dc=example,dc=com
pam_password md5
nss_initgroups_ignoreusers a_bunch_of_system_users

Can anyone help me please? Thank you.

EDIT: clarification about the Ubuntu Server versions. Fixed the typo in pam_listfile.so.

Totor
  • I think you'll have better luck on [sf], I've voted to migrate it there. Is your `vsftpd` confined with a tool such as [AppArmor](http://wiki.ubuntu.com/AppArmor/), [SELinux](http://en.wikipedia.org/wiki/Security-Enhanced_Linux), [TOMOYO](http://tomoyo.sourceforge.jp/index.html.en), or [SMACK](http://schaufler-ca.com/)? Using [mandatory access control](http://en.wikipedia.org/wiki/Mandatory_access_control) tools can prevent applications from getting access to all the resources they need to function correctly. – sarnold Oct 04 '11 at 22:15
  • I disabled AppArmor, but no changes. How do I move this question to ServerFault? And I forgot to tell that my FTP server is on Ubuntu Server 11.04 and the LDAP on 10.10. Thank you for your help. – Totor Oct 05 '11 at 07:59
  • `pam_lisfile.so`? Is that a typo in your content here, or a typo in your `/etc/pam.d/vsftpd`? – sarnold Oct 05 '11 at 08:03
  • No, it is a typo here. This line was generated automatically when I installed VsFTPd. – Totor Oct 05 '11 at 08:05

1 Answer


It looks like URI is incorrect - it has an extra slash. That is probably why you are getting that message, as it couldn't find the ldap server at all.

It should be:

base dc=example,dc=com
uri ldapi://ldap.example.com
ldap_version 3
rootbinddn cn=admin,dc=example,dc=com
pam_password md5
nss_initgroups_ignoreusers a_bunch_of_system_users

However, since you are apparently connecting locally, you should probably simplify things for now with:

base dc=example,dc=com
uri ldapi://127.0.0.1
ldap_version 3
rootbinddn cn=admin,dc=example,dc=com
pam_password md5
nss_initgroups_ignoreusers a_bunch_of_system_users

Rilindo
  • Thank you, it was the problem. This question was moved from StackOverflow and I had already re-created here before. http://serverfault.com/questions/318622/vsftpd-ldap-pam I still can't get the users to connect to the FTP using LDAP and I don't know where my problem is. The only log I have is VsFTPd's "LOGIN FAILED" which is not very helpful... – Totor Oct 05 '11 at 15:21
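A check worth running on this kind of /etc/ldap.conf before touching PAM at all: the scheme of the `uri` line decides how libldap opens the connection, so a wrong scheme produces exactly the "Can't contact LDAP server" bind failure above. In OpenLDAP URL syntax `ldapi://` names a local Unix-domain socket (an explicit socket path goes, percent-encoded, in the authority part, e.g. `ldapi://%2Fvar%2Frun%2Fslapd%2Fldapi/`), `ldap://` is TCP in plaintext unless the pam_ldap directive `ssl start_tls` upgrades it, and `ldaps://` is TLS from the first byte. A server on another host, as in this question, is therefore named with `ldap://` or `ldaps://`, and with plain `ldap://` the rootbinddn password and every user's bind password cross the network in clear. The linter below is an added example written for this page, not code from the question, the answer or the OpenLDAP/pam_ldap projects; the embedded sample config is constructed from the one in the question.

```python
"""Lint the 'uri' line of a pam_ldap/nss_ldap style /etc/ldap.conf.

Added example for this page, not code from the question, the answer or the
OpenLDAP/pam_ldap projects. Scheme semantics checked here:
  ldapi://  local Unix-domain socket; an explicit socket path is
            percent-encoded in the authority (ldapi://%2Fvar%2Frun%2Fslapd%2Fldapi/)
  ldap://   TCP, plaintext unless 'ssl start_tls' upgrades the connection
  ldaps://  TCP, TLS from the first byte
"""
from urllib.parse import unquote, urlsplit

# Constructed sample, modelled on the question's /etc/ldap.conf; not a real file.
SAMPLE_CONF = """\
base dc=example,dc=com
uri ldapi:///ldap.example.com
ldap_version 3
rootbinddn cn=admin,dc=example,dc=com
pam_password md5
"""


def parse_ldap_conf(text):
    """Return {key: value} for 'key value' lines, keys lower-cased.

    Blank lines and '#' comments are skipped; a repeated key keeps the last
    value. This covers the flat key/value format of ldap.conf.
    """
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) == 2 else ""
    return conf


def check_uri(uri, start_tls=False):
    """Classify one LDAP URI; returns (level, message), level in ok/warn/error."""
    u = urlsplit(uri)
    scheme = u.scheme.lower()
    if scheme == "ldapi":
        if u.netloc:
            path = unquote(u.netloc)          # authority holds the socket path
            if path.startswith("/"):
                return ("ok", f"{uri}: local socket {path}")
            return ("error", f"{uri}: '{u.netloc}' looks like a hostname, but ldapi:// "
                             "only takes a local socket path; a server on another "
                             "host needs ldap:// or ldaps://")
        if u.path not in ("", "/"):
            # ldapi:///something : the authority is empty, so 'something' is the
            # DN part of the URL (RFC 4516 syntax), not a host. No server is named.
            return ("warn", f"{uri}: empty authority; '{u.path.lstrip('/')}' is parsed "
                            "as the DN part of the URL, not as a host")
        return ("ok", f"{uri}: default local socket")
    if scheme == "ldaps":
        if not u.netloc:
            return ("error", f"{uri}: no host given")
        return ("ok", f"{uri}: TLS from the first byte")
    if scheme == "ldap":
        if not u.netloc:
            return ("error", f"{uri}: no host given")
        if start_tls:
            return ("ok", f"{uri}: plaintext port upgraded with StartTLS")
        return ("warn", f"{uri}: plaintext LDAP; bind passwords (rootbinddn and users) "
                        "cross the network in clear unless 'ssl start_tls' is set")
    return ("error", f"{uri}: unsupported scheme '{u.scheme}'")


def lint_ldap_conf(text):
    """Run check_uri over every URI on the 'uri' line; returns a list of findings."""
    conf = parse_ldap_conf(text)
    if "uri" not in conf:
        return [("error", "no 'uri' line found")]
    start_tls = conf.get("ssl", "").lower() == "start_tls"
    return [check_uri(uri, start_tls) for uri in conf["uri"].split()]


if __name__ == "__main__":
    for level, msg in lint_ldap_conf(SAMPLE_CONF):
        print(f"[{level}] {msg}")
```

Run it against the real file with `python3 lint_ldap_conf.py < /etc/ldap.conf` after swapping `SAMPLE_CONF` for `sys.stdin.read()`; on the question's config it reports the `ldapi:///` form as naming no host, and on an `ldap://` URI it reminds you that without `ssl start_tls` (or `ldaps://`) the `rootbinddn` password read from /etc/ldap.secret goes over the wire unencrypted.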